79abbd6f55d763c6c0af8885cc573dcfaf36059822dc6f2db005242578e0909b

Sharing

Copy URL

Twitter E-mail

General

Target

Dominator.zip
Size

36.2MB
Sample

240312-wxzz4shh79
MD5

ab5b7a0603b2b2f870af938e89150611
SHA1

460f78a9f777128727e9090705e677e7768d324e
SHA256

79abbd6f55d763c6c0af8885cc573dcfaf36059822dc6f2db005242578e0909b
SHA512

439d4f9560331c53adc28311f5d5041d228cbd6dc909080f126b1d8c2d0d1d51bc9295b2dc462c9451ad0779e1c0fa3eeacd7eee420f73f5375c59858bfef680
SSDEEP

786432:QpAl1c6hfr/pDxBuzl+lPNIZrDoHojhILFYnaAHCUKwCJ3D02:QpAl1c6hj/pXuz4teOLFYnhKwCJ3o2

Score

10^/10

Malware Config

Targets

- Target
  
  Dominator.zip
- Size
  
  36.2MB
- MD5
  
  ab5b7a0603b2b2f870af938e89150611
- SHA1
  
  460f78a9f777128727e9090705e677e7768d324e
- SHA256
  
  79abbd6f55d763c6c0af8885cc573dcfaf36059822dc6f2db005242578e0909b
- SHA512
  
  439d4f9560331c53adc28311f5d5041d228cbd6dc909080f126b1d8c2d0d1d51bc9295b2dc462c9451ad0779e1c0fa3eeacd7eee420f73f5375c59858bfef680
- SSDEEP
  
  786432:QpAl1c6hfr/pDxBuzl+lPNIZrDoHojhILFYnaAHCUKwCJ3D02:QpAl1c6hj/pXuz4teOLFYnhKwCJ3o2
Score

1^/10
behavioral1 behavioral2
- Target
  
  Dominator/DCONT/dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

10^/10

evasion trojan upx
- Modifies security service
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  out.upx
- Size
  
  653KB
- MD5
  
  6970ea0b6597dcd5b4f5f19f28e958a8
- SHA1
  
  a0130bb7ac03ec4799c90781ca93fd1392c6d54c
- SHA256
  
  481e03978ca339ce697252895efe89b09fefd3098ad247d24eeb6cca9969f553
- SHA512
  
  bc95cbe9a050e3d3b713745ef399bf2817d38f8e019f6edffdd2bf755badbde766e434e39a7f32356125bba0692b694c18da8dd0762aac0c9430d45acb215e01
- SSDEEP
  
  12288:nkxDoouVA2nxKkhEvdRgQriDJOIlW+yBGQowlNCWS:RRmJkioQrilOIc+yMx
Score

1^/10
behavioral5 behavioral6
- Target
  
  Dominator/VCRUNTIME/VC_redist.x64.exe
- Size
  
  24.2MB
- MD5
  
  077f0abdc2a3881d5c6c774af821f787
- SHA1
  
  c483f66c48ba83e99c764d957729789317b09c6b
- SHA256
  
  917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888
- SHA512
  
  70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939
- SSDEEP
  
  786432:Rip+Ty2SfUfnRLL96rFyZrimbJdCnoJpOhX+dx:Mp+Ty2SfWnFJ6rQVdKhX+dx
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8
- Target
  
  Dominator/dominator.exe
- Size
  
  13.1MB
- MD5
  
  9f835ae0a98370c3f4677c9e6623a1c9
- SHA1
  
  49af270fb5d0322d96be88d90be2ede10e8663c9
- SHA256
  
  4cd55194a056eef2d3caa6dd414bc163138236c8be3bce26b6681622a1a7ef75
- SHA512
  
  5bf8d25c630467321dbaa1f946cfae37c9d2474eb03d7a275c84c9d075e6cb46fe2078e4fe1329ad78b1ef181c232483024919bd88a0a50c6023edcf23c72679
- SSDEEP
  
  196608:g3Dnr4gyh+fwPCbGvD73I9dVCxuGQDwI4jY1keiWJyFG+Wg5P0NbATCj/p0LG+A:g3z0IIPC6vHMVgSz4k1ke3e8liCrUG
Score

8^/10

evasion
- Looks for VMWare Tools registry key
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral10 behavioral9
- Target
  
  Dominator/setup.bat
- Size
  
  1KB
- MD5
  
  79b066c8b719dee74dc5b74fec87808c
- SHA1
  
  497109077a04f04a39f1ab1c62095b7a0b9a0d8b
- SHA256
  
  af724b5016ba21fdd43078319a481cd97244fd33d08189d1971945036fcf4e7c
- SHA512
  
  34cb0b4eb82018c22889658d33df44aab32cd114c17cf3125cc71e2f7668956ff8f7a8b6a5688ecec496df6b91f72fe10b7c66fc8c39c947ecb1897f4dd56a17
Score

10^/10

evasion ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
behavioral11 behavioral12